GEN000000-LNX00360 - The X server must have the correct options enabled - '-auth'

Information

Without the correct options enabled, the Xwindows system would be less secure and there would be no screen timeout.

Solution

Enable the following options: -audit (at level 4), -auth and -s with 15 minutes as the timeout value.

Procedure for gdm:
Edit /etc/gdm/custom.conf and add the following:
[server-Standard]
name=Standard server
command=/usr/bin/Xorg -br -audit 4 -s 15
chooser=false
handled=true
flexible=true
priority=0

Procedure for xinit:
Edit or create a .xserverrc file in the user's home directory containing the startup script for xinit.
This script must have an exec line with at least these options:

exec /usr/bin/X -audit 4 -s 15 -auth <Xauth file> &

The <Xauth file> is created using the 'xauth' command and is customarily located in the user's home directory with the name '.Xauthority'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Linux_5_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-218169r603259_rule, STIG-ID|GEN000000-LNX00360, STIG-Legacy|SV-62805, STIG-Legacy|V-1021, Vuln-ID|V-218169

Plugin: Unix

Control ID: d7ca2a7701bafc2a3115de027476dbbf3661e1d4afb5de66ed55793c21306a68